Security advice: Be careful when using Java


 

Java is installed on almost all computers. This is an obvious security risk, considering that there are regular announcements on new Java vulnerabilities that enable hackers to infect your PC with malware. However, most users don’t even need Java and can safely uninstall it without losing needed functionality. Keep reading to learn all you need to know about Java and avoid unnecessary security risks to your PC!

Java and JavaScript – there is a huge difference

Both words sound closely related, but they actually aren’t. Whereas Java is a complete programming language or run-time environment for programs, JavaScript is, as you may deduce from the name, a scripting language. Scripting languages are mostly used to run rather small tasks, especially within your browser. JavaScript as a part of a website generally doesn’t have access to your computer’s filesystem and can’t run any programs or create files. Java, on the other hand, can. Running Java applications is basically like starting a regular program on your PC, which of course includes the ability to modify files on the system.

Java programs can be run either locally on your PC or as a so-called Java applet in a browser that supports Java. Java applets are embedded in a webpage by means of simple HTML code:

When accessing the webpage with this HTML code, the Java applet called “javaprogram” is downloaded from the web server to your computer where it is run. Java applets are usually used when a website requires access to local files or your computer’s hardware.

Why is Java so dangerous and do I really need it?

Depending on which browser you are using and your settings, there may be security restrictions placed on Java, but these are frequently bypassed by exploits for vulnerabilities within the Java environment or your browser itself. By default, Java applets are forbidden from interacting with other programs outside of the browser and from accessing files on your computer. However, if these restrictions are bypassed by an exploit, your system is wide open to anyone.

WARNING!
THE CURRENT JAVA VERSION IS CONSIDERED VULNERABLE!

Although Oracle, the company behind Java, has published several security updates in recent weeks, new vulnerabilities have already been discovered in the current version that enable specially crafted websites to gain full access to your system. As security updates are usually released with a delay of several months, this means that at any time, the current Java version may be vulnerable. All recently discovered vulnerabilities have one thing in common: They are exclusively related to browser Java applets, not locally installed Java programs.

Do Bilet, Benfry or ThinkFree ring a bell? Probably not, and this comes as no surprise – there are hardly any frequently used Java applets. Java applets are primarily used in business environments and company intranets. As a private user, you are more likely to encounter websites that use JavaScript or Flash. Things are a little different for desktop applications. There are quite a few well-known programs that require Java.

How to use Java securely

Here is Emsisoft’s security advice concerning Java:

If you don’t need Java at all: Uninstall it! As with any other software, you can do this from the Control Panel via “Programs and Features”.
If you are using Java programs, but don’t need browser integration, disable it. Information on how to achieve this can be found on the Java Homepage.
If you do require Java, be sure to keep it up-to-date at all times. Don’t hesitate to apply new updates when they become available, as they may fix critical vulnerabilities.
As critical vulnerabilities are usually not discovered before there is a new infection wave, it is important to use security software with real-time protection. Emsisoft Anti-Malware is able to reliably detect attacks even by unknown malware, thanks to its three security layers.
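
Whether browser integration can be disabled depends on whether any page you rely on still embeds an applet. The following is an added example, not part of the original article: it scans HTML for the elements that load a Java applet. The sample page and the names `AppletFinder` and `find_applets` are constructed for illustration; only the applet name “javaprogram” comes from the text above.

```python
from html.parser import HTMLParser

# Applet markers on <object>/<embed>: plug-in MIME type, ActiveX class ID, "java:" classid.
JAVA_MIME_PREFIX = "application/x-java-applet"
JAVA_PLUGIN_CLSID = "clsid:8ad9c840-044e-11d1-b3e9-00805f499d93"

# Constructed sample page; "javaprogram" is the applet name used in the article.
SAMPLE_PAGE = """<html><body>
<h1>Intranet time sheet</h1>
<applet code="javaprogram.class" width="300" height="200"></applet>
<object type="application/x-java-applet;version=1.7" width="300" height="200">
  <param name="code" value="javaprogram.class">
</object>
<embed type="application/x-shockwave-flash" src="banner.swf">
</body></html>"""


class AppletFinder(HTMLParser):
    """Records every element that makes a Java-enabled browser load an applet."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, tag, applet reference)

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "") for name, value in attrs}  # names are lower-cased
        line = self.getpos()[0]
        if tag == "applet":
            ref = a.get("code") or a.get("object") or a.get("archive", "")
            self.findings.append((line, tag, ref))
        elif tag in ("object", "embed"):
            mime = a.get("type", "").lower()
            classid = a.get("classid", "").lower()
            if (mime.startswith(JAVA_MIME_PREFIX) or classid == JAVA_PLUGIN_CLSID
                    or classid.startswith("java:")):
                self.findings.append((line, tag, a.get("code") or classid or mime))


def find_applets(html_text):
    finder = AppletFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for line, tag, ref in find_applets(SAMPLE_PAGE):
        print(f"line {line}: <{tag}> loads Java applet ({ref})")
```

An empty result for every page you depend on means the browser plug-in is not needed there; the Flash `<embed>` in the sample is deliberately not reported.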

Arief Prabowo
